<?
if (!session_is_registered(LOGIN_USERID)) {
    session_register(LOGIN_USERID);
    session_register(LOGIN_USER);
    session_register(LOGIN_GROUPID);
    session_register(LOGIN_DEPTID);
    session_register(LOGIN_OFFICEID);
    if (strlen(GetUserLogin())) {
        $USERPROFILE_NAME = GetStaffName();
        list($USER_CANINSERT,$USER_CANUPDATE,$USER_CANDELETE,$USER_NOACCESS,$USER_JUSTVIEW,$USER_CANAPPROVAL1,$USER_CANAPPROVAL2,$USER_CANAPPROVAL3) = AccessPrivileges (GetGroupID());
    }
//  print "$USER_CANINSERT,$USER_CANUPDATE,$USER_CANDELETE,$USER_NOACCESS";
}

    function GetGroupID()
    {
        //return MyGetSession(LOGIN_GROUPID);
        return $_SESSION[LOGIN_GROUPID];
    }

    function GetUserLogin()
    {
        //return MyGetSession(LOGIN_USER);
        return $_SESSION[LOGIN_USER];
    }

    function GetUserID()
    {
        //return MyGetSession(LOGIN_USERID);
        return $_SESSION[LOGIN_USERID];
    }

    function GetOfficeID()
    {
        //return MyGetSession(LOGIN_OFFICEID);
        return $_SESSION[LOGIN_OFFICEID];
    }

    function GetStaffName()
    {   global $DBName,$DBGeneral,$DBCoins;
        $DBConnection   = new mydb(DB_USER, DB_PASSWORD, DB_NAME, DB_HOST);
        $SQL = "SELECT nama FROM $DBGeneral.tblstaff WHERE tblstaff.user_id=".GetUserID();
        $a = $DBConnection->dbc->get_var($SQL);
        return $a;
    }

    function LoginUser($login, $password, $ktrasl)
    {   global $DBName,$DBGeneral,$DBApp,$HashKey;
            $login = AntiSQLInject($login);
            $password = AntiSQLInject($password);
        $DBConnection = new mydb(DB_USER, DB_PASSWORD, DB_NAME, DB_HOST);
        $SQL = "SELECT tbluser.user_id, tblgroup.group_id, tblgroup.group_name, ktrasl, nama ".
                   "FROM $DBGeneral.tbluser ".
                   "INNER JOIN $DBGeneral.tblstaff ON tbluser.user_id=tblstaff.user_id ".
                   "INNER JOIN $DBApp.tblusergroup ON tblusergroup.user_id=tbluser.user_id ".
                   "INNER JOIN $DBApp.tblgroup ON tblgroup.group_id=tblusergroup.group_id ".
                   "WHERE `user`=\"" .$login. "\" AND `password`=AES_ENCRYPT(\"".$password."\",\"$HashKey\") ";
        //echo $SQL;
        $Result = $DBConnection->dbc->get_row($SQL);
/*
        print $SQL."<br>";
        print_r($Result);
        die();
*/
        if($Result)
        {
          //print $SQL;
             /*
            MySetSession(LOGIN_USERID, $Result->user_id);
            MySetSession(LOGIN_USER, $login);
            MySetSession(LOGIN_OFFICEID, $Result->ktrasl);
            MySetSession(LOGIN_GROUPID, $Result->group_id);
			MySetSession(LOGIN_GROUPNAME, $Result->group_name);
		  */	
			$_SESSION[LOGIN_USERID] = $Result->user_id;
            $_SESSION[LOGIN_USER] = $login;
            $_SESSION[LOGIN_OFFICEID] = $Result->ktrasl;
            $_SESSION[LOGIN_GROUPID] = $Result->group_id;
			$_SESSION[LOGIN_GROUPNAME] = $Result->group_name;

        }
        return $Result;
    }

    function AccessPrivileges ($group_id) {
        global $_SERVER;
        $pathmodules = explode("/",$_SERVER['PHP_SELF']);
        $module_script = $pathmodules[count($pathmodules)-1];
        $DBConnection = new mydb(DB_USER, DB_PASSWORD, DB_NAME, DB_HOST);
        $SQL = "SELECT `m_insert`, `m_update`, `m_delete`, `noaccess`, `approval1`,`approval2`,`approval3` ".
               "FROM tblaccess, tblmodules ".
               "WHERE `group_id`='" .$group_id. "' AND tblaccess.module_id=tblmodules.module_id AND module_script='$module_script'";
        $Result = $DBConnection->dbc->get_row($SQL);
        print mysql_error();
        if($Result) {
            $insert    = $Result->m_insert;
            $update    = $Result->m_update;
            $delete    = $Result->m_delete;
            $noaccess  = $Result->noaccess;
            $approval1 = $Result->approval1;
        $approval2 = $Result->approval2;
        $approval3 = $Result->approval3;
        } else {
            $insert    = 1;
            $update    = 1;
            $delete    = 1;
            $noaccess  = 0;
        }
        if ($insert && $delete) $justview=1;
        else $justview=0;

        $retarray = array($insert,$update,$delete,$noaccess,$justview,$approval1,$approval2,$approval3);
        //echo $retarray;
        return $retarray;
    }

    function LogoutUser()
    {
              session_start();
              session_destroy();
    }

    function SecurityRedirect () {
        $ReturnPage = getenv("REQUEST_URI");
        if(!strlen($ReturnPage)) {
            $ReturnPage = getenv("SCRIPT_NAME");
            $QueryString = GetQueryString("QueryString", "");
            if($QueryString !== "")
                $ReturnPage .= "?" . $QueryString;
        }
        $ErrorType = SecurityAccessCheck();
        if($ErrorType != "success")
        {
            if(!strlen($URL))
                $Link = ServerURL . LOGIN_PAGE;
            else
                $Link = $URL;
            header("Location: " . $Link . "?ret_link=" . urlencode($ReturnPage) . "&type=" . $ErrorType);
            exit;
        }
    }

    function SecurityAccessCheck()
    {
        $ErrorType = "success";
        if(!strlen(GetUserID()))
        {
            $ErrorType = "notLogged";
        }
        else
        {
        if (GetStaffName()) {
            $GroupID = GetGroupID();
            if(!strlen($GroupID))
            {
                $ErrorType = "groupIDNotSet";
            }
        } else $ErrorType = "notLogged";
/*
            else
            {
                if(!UserInGroups($GroupID, $GroupsAccess))
                    $ErrorType = "illegalGroup";
            }
*/
        }
        return $ErrorType;
    }

    function UserInGroups($GroupID, $GroupsAccess)
    {
        $Result = "";
        if(strlen($GroupsAccess))
        {
            $GroupNumber = intval($GroupID);
            while(!$Result && $GroupNumber > 0)
            {
                $Result = (strpos(";" . $GroupsAccess . ";", ";" . $GroupNumber . ";") !== false);
                $GroupNumber--;
            }
        }
        else
        {
            $Result = true;
        }
        return $Result;
    }
?>
